Extracted

• • Target

    JaffaCakes118_b5b559ae20ec80c26ec50afd2d077f53

  • Size

    13.6MB

  • MD5

    b5b559ae20ec80c26ec50afd2d077f53

  • SHA1

    4553fc5937302711ee5e74a881c7fd4acd119e5b

  • SHA256

    072e795c44b87d1eb54005be791e75db47cb9717e43b300d3e27b6c9d99523fd

  • SHA512

    dadb525483641f1574c5efcb48cc2c1333d34145b1b7e6386afa9f3e64db7ce45bbe4fc70f2656a997ec42e839bc73cb4c641bd97061e95d712c476f5573cdfd

  • SSDEEP

    196608:aI+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++2:a

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2